Emails are still the most common delivery method for malicious files, according to Check Point.
The cybersecurity firm disclosed this in its ‘Cyber Security Report for 2024.’ It revealed that 88 percent of all malicious file deliveries are via email despite ongoing efforts to bolster email protection strategies. Threat actors have continued to adapt and employ innovative techniques to bypass security measures.
However, it stated that a notable trend in the year has been the decline in the prevalence of malicious office files following Microsoft’s implementation of restrictions on Office VBA macros in files from external sources marked with the Mark-of-the-Web.
“This move led to a significant drop from nearly 50 percent in 2022 to a mere 2 percent in 2023,” the firm said.
This only pushed threat actors to pivot to alternative attack vectors, with HTML files emerging as a primary conduit for malicious content delivery, it noted.
According to Check Point analysis, HTML files now constitute 69 percent of all malicious file attachments, witnessing a substantial uptick in exploitation by cybercriminals.
It said, “These files are utilised in various nefarious schemes, including phishing attacks designed to mimic legitimate website login pages and harvest user credentials.”
The cybersecurity firm highlighted the rising prevalence of password-protected archives as an attackers’ favoured evasion tactic. Threat actors can evade detection by security filters by concealing the contents of these archives, effectively exploiting vulnerabilities in security protocols.
Check Point further stated that certain file formats, such as .img and .iso, reliant on specific software for extraction, pose additional challenges.
The firm urged organisations to implement robust security measures, including restrictions on email-delivered HTML files and heightened vigilance against password-protected archives.
“While advancements in security protocols have made strides in mitigating certain risks, the dynamic nature of cyber threats necessitates continual adaptation and vigilance to safeguard against emerging vulnerabilities,” it added.
